Facebook Reveals Hack Attack, Says User Data Not Compromised

No user data was compromised as a result of hacking, reports CNBC's Julia Boorstin.

Just two weeks after Twitter announced it was hacked, Facebook revealed that it was hacked last month in what it called "a sophisticated attack."

But the social network said, "We have found no evidence that Facebook user data was compromised."

An investigation is ongoing, and Facebook said it is "working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future."

Facebook said that a handful of employees visited a compromised mobile developer website. That compromised website allowed malware to be installed on their laptops.

Is Facebook at fault?

The company said the laptops were "fully-patched and running up-to-date anti-virus software." Furthermore, it said anti-virus software could not have prevented this attack, which was particularly sophisticated.

At this point it means nothing. There's no reason to think that personal information was shared. The company is clearly sensitive to how terrible an information breach would be for user trust.

Daniel Acker | Bloomberg | Getty Images

But this latest hack attack does raise major concerns about all the personal information people share online. When Twitter was hacked, more than 250,000 accounts may have been accessed. After the Wall Street Journal was hacked, Rupert Murdoch pointed to the Chinese government.The New York Times and the Washington Post have also suffered recent attacks.

What can Facebook users do about what appears to be a growing problem?

After Twitter was hacked, the company recommended that users turn off Oracle's Java. Facebook also blames Java, saying, "we found it was using a 'zero-day' (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware."

Facebook said that after it reported this to Oracle, it "confirmed our findings and provided a patch on February 1, 2013 that addresses this vulnerability."